Saturday, February 02, 2019

The most important is number 10.
… While we cannot cover all aspects of data security and privacy here, we offer these 10 tips that may be particularly relevant to start-ups.

Not sure I agree. I’ll ask my students.
Improving Cybersecurity Means Taking More Care with What We Digitize
… how do we fix our cybersecurity troubles? In two words: Slow down. Put simply, the time has come to more purposefully control what it is we digitize. This means slowing down the pace of adoption of networked technology with new laws and standards aimed at increasing the quality and reliability of any device with an IP address. And it means carefully preserving analog capabilities, even as we embrace the digital.
… As it stands, once something has been turned into computer code — by cameras, recording devices, keyboards, or sensors — nothing can be done to “certify” its status as secure. That information may be viewed or corrupted by unauthorized entities or used in ways that violate the privacy or trust of the individuals who generated the data.

It’s free for everyone. Isn’t the FBI an ‘everyone’?
One Of The Biggest At-Home DNA Testing Companies Is Working With The FBI
Family Tree DNA, one of the largest private genetic testing companies whose home-testing kits enable people to trace their ancestry and locate relatives, is working with the FBI and allowing agents to search its vast genealogy database in an effort to solve violent crime cases, BuzzFeed News has learned.
Federal and local law enforcement have used public genealogy databases for more than two years to solve cold cases, including the landmark capture of the suspected Golden State Killer, but the cooperation with Family Tree DNA and the FBI marks the first time a private firm has agreed to voluntarily allow law enforcement access to its database.
… For law enforcement officials, the access could be the key to unlocking murders and rapes that have gone cold for years, opening up what many argue is the greatest investigative tactic since the advent of DNA identification. For privacy advocates, the FBI’s new ability to match the genetic profiles from a private company could set a dangerous precedent in a world where DNA test kits have become as common as a Christmas stocking stuffer.
… The Family Tree database is free to access and can be used by anyone with a DNA profile to upload, not just paying customers.
For detectives across the country desperate for leads, investigative genealogy has become the newest frontier for law enforcement agencies. By uploading DNA collected from a crime scene to genealogy databases, detectives have been able to locate distant relatives of suspected serial killers and rapists. Then, assembling a genealogical tree from that information, they have worked to identify suspects of crimes.

An evil invasion of privacy to protect grandma’s health? Will my health insurance pay for them?
Alphabet’s Verily has been working on health-tracking shoes to measure movement, weight and falls
Alphabet’s life sciences arm, Verily, has been looking for partners to co-develop shoes with sensors embedded to monitor the wearer’s movement and weight, as well as to measure falls, CNBC has learned.
… If Verily progresses with the project, the shoes could have a wide range of health-related uses. For instance, sudden weight gain can be a sign that the body is retaining fluid, which is a symptom of congestive heart failure. Another area of interest is fall detection, two of the people said, which could be useful for seniors in particular.

Well, I’ll be geeked. Tech-literate judges! What will they think of next?
FCC struggles to convince judge that broadband isn’t “telecommunications”
FCC General Counsel Thomas Johnson struggled to explain why broadband shouldn't be considered a telecommunications service, and struggled to explain the FCC's failure to protect public safety agencies from Internet providers blocking or slowing down content.
Oral arguments were held today in the case, which is being decided by a three-judge panel of the US Court of Appeals for the District of Columbia Circuit. (Audio of the four-hour-plus oral arguments is available here.) Throttling of firefighters' data plans played a major role in today's oral arguments.

The 2020 election will be wild.
Almost Half Of Voters Are Dead Set Against Voting For Trump
With the 2020 election cycle revving into full gear, pollsters are asking voters whether they plan to vote for President Trump. In a Washington Post/ABC News survey, respondents were asked if they would definitely vote for the president, consider voting for him or definitely not vote for him — and 56 percent said they would definitely not vote for him. Morning Consult posed a slightly different form of this question, asking voters if they’d definitely or probably vote for Trump, or if they’d definitely or probably vote for someone else. Eight percent said they would probably vote for someone else, but 47 percent said they would definitely vote for someone else. In total, that’s 55 percent of respondents who seemed unlikely to vote for Trump.

An interesting article. Would it work for a politician?
Should You Ignore What Your Customers Want? The Great Winemakers Do.

Friday, February 01, 2019

Connecting humans to the Internet. (for medicinal purposes only!)
Peter Holley reports:
When his chemotherapy patients leave the hospital to continue treatment at home, Edward Greeno faces a new challenge.
He can no longer ensure they’re taking their medicine.
Greeno, the medical director of the Masonic Cancer Clinic at the University of Minnesota, has come to realize that some patients, like children hiding naughty behavior from a parent, will fudge the truth to avoid his disapproval, even when their health is at risk.
To combat patients’ fibbing and forgetfulness, Greeno has begun deploying a new tool in recent months: a pill embedded with a tiny, ingestible sensor. The sensor transmits data from inside the patient’s body to a wearable patch placed on their abdomen, which then connects to a mobile app that patients and doctors can access.
Read more on The Columbian.

Law enforcement will love this. Who will be the first to offer them a “confess-o-matic?”
Engineers translate brain signals directly into speech
In a scientific first, neuroengineers have created a system that translates thought into intelligible, recognizable speech. This breakthrough, which harnesses the power of speech synthesizers and artificial intelligence, could lead to new ways for computers to communicate directly with the brain.

Easing into our Disaster Recovery discussion.
Creating an Effective Business Continuity Plan

Moving from a car service to a transportation service...
Uber just added public transportation to its app
Uber customers who live in Denver may notice something strange when they open the company’s app today: a tiny train car with the word “transit” next to it, sitting atop the list of usual ride-hailing options. A quick tap produces a list of bus or train routes as well as the expected fare price and end-to-end directions. It’s the first example of Uber’s year-long effort to integrate public transportation options into its app.
According to the company’s transit team, the goal is to discourage people from using their personal vehicles by offering more transportation options, whether that’s a bike, scooter, or now, a bus or train. It’s no secret that Uber wants to become the “One Ring” for transportation, the app that brings all other modes together and, in the darkness, binds them.

Protectionism? So, Amazon can’t sell Amazon stuff and they can’t invest in Indian companies that sell Amazon stuff.
Amazon and Flipkart pull 100,000s of products to comply with new Indian law
First announced at the end of 2018, the new regulation imposes a ban on exclusive sales, prevents retailers from selling products on platforms they count as investors, and it applies restrictions on discounts and cashback promotions.
That’s hugely problematic for Amazon and Flipkart, its rival that’s owned by Walmart following a $16 billion investment last year. After a 2016 ruling prevented it from owning inventory, Amazon restricted its system so that its own products were offered by entities that it jointly owned with local partners. However, the newest regulation forbids it from working with organizations that it has ownership of, hence it is estimated to have pulled as many as 400,000 products from sale in India, according to a New York Times report.
The same report suggests that Flipkart could pull as many as one-quarter of its products in order to comply with the rule, according to analysis from consulting firm Technopak.

Humanics: A way to ‘robot-proof’ your career?
A recent study by Pew Research found that in 10 advanced and emerging economies, most workers expect computers will do much of the work currently done by humans within 50 years. Workers are clearly anxious about the effects on the job market of artificial intelligence and automation.
Estimates about how much of the workforce could be automated vary from about 9% to 47%. The consultancy McKinsey estimates up to 800 million workers globally could be displaced by robotic automation by 2030. Some jobs will change dramatically, while others will disappear altogether.
… Future-proofing your career is less about picking a safe job and more about constantly updating your skills throughout your career, according to Northeastern University president Joseph Aoun, who wrote Robot-Proof: Higher Education in the Age of Artificial Intelligence.
He says education needs to change dramatically if workers are to adapt to this new environment. His solution, which he calls humanics, has three basic pillars:
Technical ability: understanding how machines function and how to interact with them.
Data discipline: navigating the sea of information that's generated by these machines.
And the human discipline: "which is what we humans can do that machines for the foreseeable future, cannot emulate."

I suppose it’s not too early to start looking at candidates, but I am surprised at how few names I recognize.
What The Potential 2020 Candidates Are Doing And Saying, Vol. 4
Welcome to a weekly collaboration between FiveThirtyEight and ABC News. With 5,000 people seemingly thinking about challenging President Trump in 2020 — Democrats and even some Republicans — we’re keeping tabs on the field as it develops. Each week, we’ll run through what the potential candidates are up to — who’s getting closer to officially jumping in the ring and who’s getting further away.

Thursday, January 31, 2019

I’m surprised it took them almost two years to do this.
Bangladesh to Sue Philippine Bank Over $81M Cyber Heist
Unidentified hackers stole $81 million from the Bangladesh central bank's account with the US Federal Reserve in New York in February 2016.
The money was then transferred to a Manila branch of the Rizal Commercial Banking Corp (RCBC), swiftly withdrawn and laundered through local casinos.
A case will be filed against RCBC and "all others" involved in the heist to try and retrieve the stolen funds, Bangladesh central bank governor Fazle Kabir told AFP.
The Philippines in 2016 imposed a record $21 million fine on RCBC after investigating its role in the audacious cyber heist.
The bank has rejected the allegations and in 2017 accused Bangladesh's central bank of a "massive cover-up".
This month ex-RCBC manager Maia Deguito was handed a lengthy jail term and $109 million in fines in the first conviction over the massive theft.
The theft exposed the Philippines as a haven for dirty money, where some of the world's strictest bank secrecy laws protect account holders from scrutiny.
The hackers bombarded the US Federal Reserve with dozens of transfer requests, attempting to steal a further $850 million.
But the bank's security systems and typing errors in some requests prevented the full theft.

Something my Computer Security students need to consider.
Businesses Are Finding Out That Cyber Insurance Coverage Might Not Be What They Thought
… Evidence is building that many of these cyber insurance policies might be close to worthless, as insurance companies look for any excuse possible to avoid paying out the full amount of a claim.
One of the most extensive studies on the state of cyber insurance coverage comes from Mactavish, the UK’s leading expert on insurance governance. The company recently launched its own Cyber Risk Consulting Practice, and sought to determine the current parameters of the cyber insurance market. What they found was disappointing, to say the least. Overall, there were at least eight major flaws in how cyber insurance coverage is determined and eventually paid out. What insurance covers can be very confusing.
The leading flaw, according to Mactavish, is that most insurance claims are limited to attacks and unauthorized activity, and do not include coverage from accidental errors and omissions. Thus, when deciding whether or not to pay out a claim, an insurance company could simply point to a factor like human error and refuse to pay out the claim for a hacked computer system.

...and we’re probably not done yet!
Hackers Are Passing Around a Megaleak of 2.2 Billion Records
… Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a set of cobbled-together breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2–5, which amounts to 845 gigabytes of stolen data and 25 billion records in all. After accounting for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany, found that the total haul represents close to three times the Collection #1 batch.

Wait until the GDPR hits these companies.
Cheap Internet of Things gadgets betray you even after you toss them in the trash
… Although these so-called Internet of Things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. You may not need to do much, but you still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.
In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.
All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.
The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture or bought it secondhand.

I don’t see this as illegal or immoral. We should probably start an organization to do this that is not aligned with any government. Recruit my Ethical Hacking students.
Special Report: Inside the UAE’s secret hacking team of U.S. mercenaries

No one thought this was illegal? Selling the lie is illegal, buying the lie is not?
First on CNN: NY Attorney General targets fake social media activity
A company that brought in millions of dollars in revenue by creating fake social media posts and comments has settled a case with the state of New York after a probe exposed its activities. It's the first finding by a law enforcement agency indicating that such activity constitutes illegal deception and illegal impersonation, according to the state's top attorney.
The New York Attorney General's office is making it clear that, in its view, selling fake social media activity in the state is illegal.
… The settlement between Devumi and the state of New York does not address whether the activity of Devumi's customers is also illegal.

Perspective. Lots of data and some graphics to make it understandable.
Digital trends 2019: Every single stat you need to know about the internet
We Are Social and Hootsuite’s latest collection of Global Digital reports reveals that internet users are growing by an average of more than one million new users every day, with all of the original ‘Next Billion Users’ now online.

A simple intro with pointers to other resources.
An intro to artificial intelligence for the average human (you)
[Also see: SAS Software's complete guide to artificial intelligence]

Could be a useful tool.
CleverPDF Offers 20 Ways to Work With PDFs in Other Formats
CleverPDF is a free service that anyone can use to convert a PDF into a Word document, a Pages file, or an ePub file. That's just the tip of the iceberg of what's on offer from CleverPDF. The service can be used to create PowerPoint slides, Keynote slides, images, Numbers, and Excel files.
In addition to turning existing PDFs into other formats, CleverPDF can be used to convert other files into PDFs. For example, you can use CleverPDF to create PDFs from Word, PPTX, Excel, and images.
And if you already have a PDF, but need to modify it, CleverPDF has tools for that too. CleverPDF will let you combine PDFs, split PDFs, apply watermarks to your PDFs, and encrypt your PDFs.
I used CleverPDF to convert one of my PDFs into a Word document today. It was quick and easy. I didn't have to register on the site or enter my email address in order to convert my PDF and then download the Word document.

...and you don’t even need leather pants!
Harley-Davidson reveals 2 new electric concepts that would not require a motorcycle license
… According to a news release from H-D, “these concepts explore the potential of urban mobility and two-wheeled adoption.” Also noted, the “goal for the concepts is to not require a motorcycle license to operate and feature twist and go operation; lowering the learning curve and expanding the opportunity to riders and aspiring riders everywhere in the process.”

Wednesday, January 30, 2019

I never would have guessed.
Study: Oklahomans lose an average of $4,100 to internet scams
A study found Oklahomans lost an average $4,154.02 to internet scams in 2017.
The study, conducted by CenturyLinkQuote, an authorized reseller of Centurylink products, used FBI and Census data to find how much victims lost to scams in each state.
Alaska is the 48th least-populated state, but its sparse population doesn’t stop it from ranking the highest for number of victims per capita. South and North Dakota rank just above Alaska in terms of population, but they came in first and second, respectively, with the least victims per capita.
High scam risk doesn’t correlate to high money losses, the study found. Nevada experiences more scams than any state besides Alaska, but Nevada victims lose the least amount of money in scams. In all but two states, average victim losses per scam total over $1,000 per person. But in Nevada, the average loss per scam is just $6.53. In Colorado, it’s just $7.12.
Oklahoma had 7.15 victims per 10,000 people to Internet scams and lost about $11.64 million to Internet scams in 2017.

Privacy pays dividends. Many still not GDPR compliant!
Cisco 2019 Data Privacy Benchmark Study
Cisco newsroom: “Organizations worldwide that invested in maturing their data privacy practices are now realizing tangible business benefits from these investments, according to Cisco’s 2019 Data Privacy Benchmark Study. The Study validates the link between good privacy practice and business benefits as respondents report shorter sales delays as well as fewer and less costly data breaches.
The European Union’s General Data Protection Regulation, which focused on increasing protection for EU residents’ privacy and personal data, became enforceable in May 2018. Organizations worldwide have been working steadily towards getting ready for GDPR. Within Cisco’s 2019 Data Privacy Benchmark Study, 59 percent of organizations reported meeting all or most requirements, 29 percent expect to do so within a year, and 9 percent will take more than a year…”

How to “do” privacy.
Internet Society Publishes Privacy Code of Conduct
the Internet Society published on Monday (International Privacy Day) its Privacy Code of Conduct (PDF) -- nine steps that all companies should take to ensure data privacy.

To mute the criticism or to make real change? Stay tuned.
Facebook hires one of its biggest privacy critics to oversee WhatsApp privacy
Facebook has hired Nate Cardozo, formerly the top legal counsel at privacy watchdog Electronic Frontier Foundation and a prominent Facebook critic, to a privacy role at WhatsApp. The move comes as the social media giant seeks to integrate the WhatsApp messenger product with its Instagram and Facebook properties.
Adding Cardozo to the WhatsApp privacy ranks shows how the company may be planning for future legal and lobbying efforts. Facebook is facing scrutiny in the EU over its plans to merge other social media properties with WhatsApp, with the Irish Data Protection Commissioner saying the move could be barred over privacy concerns.

Promises. Will they be there in version 2.0?
Aetna makes an Apple Watch app—promises not to use activity data against you
Health insurance giant Aetna has teamed up with Apple to create a health-tracking app for Apple Watch that will have access to Aetna members’ medical data and offer monetary rewards for meeting personalized wellness goals.
… For any Aetna members wary of sharing such health tracking data with their insurer and Apple, the two companies emphasized that the app was packed with security features (such as continuous authentication) and privacy features (such as opt-in data sharing choices). Perhaps most importantly, Aetna promised that the “[i]nformation from this program will not be used for underwriting, premium or coverage decisions.”

This is clever. No doubt Stephen King novels will be next.
Some of Google Home's best features are the ones that are just for fun, like playing the "I'm feeling lucky" game show, listening to different animal sounds, and asking for interesting facts. Google is expanding on that repertoire with storytelling sound effects for certain Disney stories. Parents in the US can activate the new feature by saying "Hey Google, let's read along with Disney." Their Home device will then listen along and play appropriate sound effects and music for the chosen story, which can be selected from a library of 11, with more to come.

The future has arrived! No help for the morning commute.
Denver, RTD launch free driverless shuttle on set route near airport
… The system launched on Tuesday and will run free of charge every weekday from 10 a.m. to 6 p.m. for the next few months.
The vehicles, made by EasyMile, hold up to 12 people and run at speeds between 12 and 15 miles per hour. While there’s no driver on the shuttle, an “ambassador” will be on board to answer questions and keep an eye on passenger safety.

An interesting collection. I’ll put my library to work.
An AI reading list — from practical primers to sci-fi short stories

Tuesday, January 29, 2019

Something my students will have to address.
Boardrooms Are Still Not Singing the Security Song
Despite all indications that cybersecurity is now 'top of mind' for company boardrooms, less than 50% of companies have a CISO position with a seat at the board. Boardrooms have learned all the words and they know all the notes, but they've never quite learned to sing the song.
This figure and others come from a November 2018 survey (PDF), conducted by Vanson Bourne and commissioned by Thycotic. It queried 200 CISOs in the UK and Germany from largely mid-size companies in both the public and private sector with at least 1,000 employees. Thycotic's chief security scientist and advisory CISO, Joseph Carson, believes the issues raised will affect most CISOs throughout the world.
"The board is still seeing cybersecurity as something that is reactive and a cost rather than something that is an innovation or a business strategy."
More than 60% of the respondents believe senior management considers their role to be basically defensive and protective. Only 37% believe management sees them as a business-positive force, enabling secure growth and gaining competitive advantage.

(Related) Something to stimulate conversation.
WEF2019 Global Risk Report Ranks Cyber Attacks Among Most Likely Global Threats
… The WEF2019 global risk report has named cyber attacks and data breaches as the fourth and fifth most serious risks facing the world, the second year in a row in which these threats have been present in the top five.

For our self-driving car debate. (They need to come up with a more driver-friendly headline.)
Robot valets will drag your car into a parking spot at UK airport
In August, the U.K. airport will begin a three-month-long pilot program in which robots codenamed “Stan” park travelers’ cars for them — and if all goes well with the trial, the bots could become a common sight in parking lots across the globe.
According to a planning application submitted to the Crawley Borough Council by the Gatwick Airport, a driver will park their car in one of eight newly built cabins and summon a Stan via a nearby touchscreen before catching a shuttle to the airport terminal.
A Stan will roll to the front of the car and lift the vehicle up, similarly to how a forklift lifts a pallet. The bot will then ferry the car to one of 270 available parking spaces. The robot valet service knows each passenger’s flight info and will retrieve their car when they return to the Gatwick Airport, placing it in one of the cabins for pick-up.

For our AI debate.
Artificial intelligence will become the next new human right
… it was back in 2016 that the United Nations decreed Internet access should be considered a basic right.
While a non-binding premise, the UN still considers deliberate Internet disruption as a human rights violation.
… The Salesforce CEO said that AI is becoming a "new human right" at the World Economic Forum in Switzerland this week, as reported by Business Insider.
In the same way that Internet access prompted what is known as the "Digital Divide" -- the 'have' and 'have nots' when it comes to reliable, stable Internet services depending on location and economic levels – AI is also expected to create a similar separation.
According to Benioff, AI is going to become a service which everyone will need. Countries and companies alike will be "smarter," "healthier," and "richer" if they have AI, whereas those without will be "weaker and poorer, less educated and sicker," the publication reports.

Toward our goal of replacing all the lawyers?
Legal AI – Its Definition and Its Value to the Legal World
Artificial Lawyer – “‘AI’ is an awkward term. Just as ‘technology’ can mean everything from cave persons shaping flints to make spearheads, to the first electric toasters of the early 20th century, to quantum computing today, the term ‘AI’ also has a broad remit. Some flippantly say it means ‘any technology that is new’, others tend to feel it must mean some sort of ‘human-like machine’, and others may think in prosaic terms of ‘a computer that can think’. Unfortunately, this doesn’t really help us in the legal world and the latter two ideas are way too ambitious as definitions compared to what we actually have in the real world of early 2019. Doc review software using natural language processing (NLP) that has been improved with machine learning (ML) is all there is to it. Software, useful software, that’s all it is. Labelling anything ‘legal AI’ is clearly open to interpretation, but, many people who work in this area use the term in confidence and know what they mean. In which case, let’s stick with it.
OK then, but…..what does it mean? To Artificial Lawyer it primarily means using NLP and ML to achieve a cognitive task, such as reading a text, spotting certain semantic features, and then telling the user what it has found. That is it. This core legal AI capability can be harnessed to other software, such as expert systems, for example, (i.e. rules-based logic trees) and workflow automation tools, to become more effective. And, when you start to think through the broader ramifications of software that can read and respond in an automated manner….well….then you start to see that this may be a narrow ‘skill’, but its applicability is very broad – especially in the text-based world of the law…”

Automation and Artificial Intelligence: How machines are affecting people and places
At first, technologists issued dystopian alarms about the power of automation and artificial intelligence (AI) to destroy jobs. Then came a correction, with a wave of reassurances. Now, the discourse appears to be arriving at a more complicated understanding, suggesting that automation will bring neither apocalypse nor utopia, but instead both benefits and stress alike. Such is the ambiguous and sometimes disembodied nature of the “future of work” discussion.
Hence the analysis presented here. Intended to bring often-inscrutable trends down to earth, the following report develops both backward and forward-looking analyses of the impacts of automation over the years 1980 to 2016 and 2016 to 2030 to assess past and upcoming trends as they affect both people and communities in the United States.

Python now, more languages soon. (Still free!)
Kite raises $17 million for its AI-powered developer environment
Kite, which suggests code snippets for Python developers in real time, has raised $17 million in a series A round led by Trinity Ventures. The latest version of the free developer tool no longer relies on the cloud, meaning it runs locally, and it adds a nifty feature called Line-of-Code Completions.

For our programmers…
… The good news is that top tier companies have become enthusiasts. So start tracking these coding challenges for money or jobs and grab that career breakthrough today.

For the next Math class.
Learning Math For Machine Learning And Artificial Intelligence Programming
Last year, I started writing about my experiences taking courses on machine learning and artificial intelligence. One of the big, unexpected problems I ran into was calculus and linear algebra. I've found that many online courses say you don't need much mathematics fundamentals to be a programmer, but inevitably, even in beginner courses, the underlying math was important to understand what was going on.
… After spending a lot of time online trying to sort through this haystack of do-it-yourself calculus blogs, college class PDFs, and other resources, I came away with two websites that were outstanding for teaching basic calculus and linear algebra: Khan Academy and an on-demand tutoring service called Yup.

Top up your toolkit!
An introduction to tools for creating infographics, timelines and other data visualizations
Jess Rios – Harvard Law School Library – “Particularly when we talk about large numbers, it can be difficult to fully understand their impact. With an ever-increasing amount of data and information available to us, data visualization is becoming more important to help people truly understand the meaning of the information that is collected. Whether you are teaching in a classroom or presenting in front of clients, the ability to distill and contextualize data is one that will set you apart and the tools in this guide will help you to do just that.”

Monday, January 28, 2019

“It’s for your own good!” Perhaps my Ethical Hacking students could do the same?
Catalin Cimpanu reports:
The Japanese government approved a law amendment on Friday that will allow government workers to hack into people’s Internet of Things devices as part of an unprecedented survey of insecure IoT devices.
The survey will be carried out by employees of the National Institute of Information and Communications Technology (NICT) under the supervision of the Ministry of Internal Affairs and Communications.
Read more on ZDNet.
From the article:
NICT employees will be allowed to use default passwords and password dictionaries to attempt to log into Japanese consumers' IoT devices.
The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices.

Great for my Computer Security students, but I’ll share this with everyone.
Be safe on the internet.
An open source checklist of resources designed to improve your online privacy and security.

Is it easy to fix this?
Misinformation Woes Could Multiply With 'Deepfake' Videos
If you see a video of a politician speaking words he never would utter, or a Hollywood star improbably appearing in a cheap adult movie, don't adjust your television set -- you may just be witnessing the future of "fake news."
"Deepfake" videos that manipulate reality are becoming more sophisticated due to advances in artificial intelligence, creating the potential for new kinds of misinformation with devastating consequences.
"A well-timed and thoughtfully scripted deepfake or series of deepfakes could tip an election, spark violence in a city primed for civil unrest, bolster insurgent narratives about an enemy's supposed atrocities, or exacerbate political divisions in a society," Chesney and University of Maryland professor Danielle Citron said in a blog post for the Council on Foreign Relations.
Paul Scharre, a senior fellow at the Center for a New American Security, a think tank specializing in AI and security issues, said it was almost inevitable that deepfakes would be used in upcoming elections.
With believable fake videos in circulation, he added, "people can choose to believe whatever version or narrative that they want, and that's a real concern."

Interesting to think through.
The internet of human things: Implants for everybody and how we get there
Over the past several years, the Government of Sweden has been moving toward becoming a completely cashless society. By 2025, most Swedish citizens will perform all their financial transactions using debit and credit cards, mobile devices, PCs, or wearables.
But a small, growing number have gone even further than using conventional technology to make payments. They are using implants -- tiny, rice grain-sized microchips that use Near-Field Communications (NFC) technology -- to communicate wirelessly with reader terminals installed in stores and other public places.
… Wallets Must Die
… And So Should Your Keys

There is no reason for any of these companies to store their data in an easily-read-by-humans format. Perhaps there is a business opportunity to “translate” for reporters?
GDPR makes it easier to get your data, but that doesn’t mean you’ll understand it
If the numerous tech scandals of recent years have taught us anything, it’s that tech companies hold a truly terrifying amount of data about us all. Along with feeling invasive, this data can be outright dangerous when it falls into the wrong hands.
Europe’s response to that risk, put in place as part of the General Data Protection Regulation (GDPR), is the “Right of Access.” The right says that, when requested, any company should be prepared to provide you with your personal data. They should provide it in a way that’s easy for you to read, in a timely manner, and with enough background information for you to understand how they got it and how they use it. The thinking is that once you know what data a company holds about you, you can use it to make informed decisions about whether you want to provide it, as well as holding them accountable when they gather data without your consent.
… All of my location data from Google was contained within a single 61MB JSON file, and opening it with Chrome revealed a bewildering array of fields labeled “timestampMs,” “latitudeE7,” “longitudeE7,” and estimations about whether I was sitting still or in some kind of transport (I assume).
I don’t doubt that this is all the location history information that Google has associated with my account, but without context, this data is meaningless. It’s a series of numbers that I’d have to make a serious effort to even begin to understand and import into another piece of software to properly parse.
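To show what "translating" such an export involves, here is an added example (not code from the article or from Google) that decodes the three fields the excerpt names into a UTC time and decimal degrees. The `locations` wrapper, the nested `activity` layout and the sample values are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample, not real data. Only timestampMs, latitudeE7 and
# longitudeE7 are named on the page; the "locations" wrapper and the nested
# "activity" layout are assumptions about the export's shape.
SAMPLE = json.dumps({"locations": [
    {"timestampMs": "1548590400000", "latitudeE7": 407127760,
     "longitudeE7": -740059740,
     "activity": [{"timestampMs": "1548590401000", "activity": [
         {"type": "STILL", "confidence": 80},
         {"type": "IN_VEHICLE", "confidence": 15}]}]},
    {"timestampMs": "1548594000000", "latitudeE7": 407580000,
     "longitudeE7": -739855000},
]})


def decode_record(rec):
    """Turn one raw record into human-readable values."""
    # timestampMs: milliseconds since the Unix epoch (string or number).
    when = datetime.fromtimestamp(int(rec["timestampMs"]) / 1000, tz=timezone.utc)
    # The E7 suffix: degrees multiplied by 10**7, stored as an integer.
    lat = rec["latitudeE7"] / 1e7
    lon = rec["longitudeE7"] / 1e7
    # Keep the highest-confidence movement guess, if any was recorded.
    guesses = [g for a in rec.get("activity", []) for g in a.get("activity", [])]
    best = max(guesses, key=lambda g: g.get("confidence", 0), default=None)
    return {
        "time_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        "lat": round(lat, 7),
        "lon": round(lon, 7),
        "activity": best["type"] if best else "unknown",
    }


def decode_export(text):
    """Decode every record in an export and return them in time order."""
    records = json.loads(text).get("locations", [])
    return sorted((decode_record(r) for r in records), key=lambda r: r["time_utc"])


if __name__ == "__main__":
    for row in decode_export(SAMPLE):
        print(row)
```

Once decoded, each row is a timestamped position that can be placed on a map, which is what makes a location export sensitive even when the raw file looks like meaningless numbers.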

How to handle e-assets?
Court rules man must be given access to husband's iCloud photos
Apple must provide a man access to the iCloud account of his late husband so he can retrieve family photos shot with an iPhone and a dedicated camera, a New York judge has ruled.
Nicholas Scandalios has so far been locked out of the Apple ID belonging to his husband, Ric Swezey, who was killed in an accident two years ago, according to MarketWatch. Apple hasn't been outright fighting the request, but did insist that Scandalios obtain a court order. [Sounds like ‘fighting’ to me. Bob]
"Apple shall afford the opportunity to reset the password to [Swezey's] Apple ID," Surrogate Judge Rita Mella wrote in her ruling.
Complicating the situation is that Swezey's will didn't contain language authorizing access. Mella's opinion stated that the photos weren't a form of "electronic communication" requiring proof of consent or even a court order, which could help build precedent against Apple's position.

This is a fun way to look at AI.
Google – Talk to Books
“In Talk to Books (Beta), when you type in a question or a statement, the model looks at every sentence in over 100,000 books to find the responses that would most likely come next in a conversation. The response sentence is shown in bold, along with some of the text that appeared next to the sentence for context. Mastering Talk to Books may take some experimentation. Although it has a search box, its objectives and underlying technology are fundamentally different than those of a more traditional search experience. It’s simply a demonstration of research that enables an AI to find statements that look like probable responses to your input rather than a finely polished tool that would take into account the wide range of standard quality signals. You may need to play around with it to get the most out of it.
  • Not a traditional search – Use this demo as a creativity tool to explore ideas and discover books by getting quotes that respond to your queries.
  • Use natural language – Speaking to it in sentences will often get better results than keywords. That’s because the AI is trained on human conversations.
  • Play with it – Try our sample queries then try your own. Experiment with different wording to see how it changes the results…”

Sunday, January 27, 2019

Another dull Sunday. I guess all the reporters went skiing.

I have been waiting for something like this. There probably won’t be many stories about the content.
Huge Trove of Leaked Russian Documents Is Published by Transparency Advocates
A group of transparency advocates on Friday posted a mammoth collection of hacked and leaked documents from inside Russia, a release widely viewed as a sort of symbolic counterstrike against Russia’s dissemination of hacked emails to influence the American presidential election in 2016.
Most of the material, which sheds light on Russia’s war in Ukraine as well as ties between the Kremlin and the Russian Orthodox Church, the business dealings of oligarchs and much more, had been released in Russia, Ukraine and elsewhere, sometimes on obscure websites. There were no immediate reports of new bombshells from the collection.
… The Russian documents were posted simultaneously on the DDoSecrets website and on the Internet Archive.

Perspective. What the USPS couldn’t shove through your front door mail slot, you had to go to the post office to pick up. Things have changed.
UPS expands keyless-entry system for deliveries
United Parcel Service is expanding a keyless-entry system for package deliveries at apartment buildings after a successful test in New York and San Francisco.
The efficiency gains from not having to resend packages or fumble with a ring full of keys prompted UPS to extend the service to 10 cities where high-rise residential towers are common, including Boston, Chicago and Los Angeles.
The system, in which drivers can enter buildings but not individual apartments, will be available in mid-2019, UPS said in a statement Tuesday.